Despite broader recognition of the need for securing access to applications and other IT resources, enterprises are still struggling to come to terms with the issues involved with identity and access management (IAM), Gartner has warned.
"We need to have a much more well defined process for IAM, with architectures, controls and processes," Gartner UK vice president for research Ant Allan told attendees at a recent conference on identity and access management in London.
While there has been a tendency to treat such problems as primarily a technological issue, and focus on how to integrate identity management into existing applications and systems, effective access management had a much broader impact, Allan said.
"IAM is more and more about business issues as much as it is about security issues."
"You have to reflect the business controls and processes in your IAM controls and processes."
Another recent challenge has been an increasing emphasis on ensuring that staff actually are who they claim to be, an issue which is receiving increasing prominence as global employment patterns shift.
"Before you create identities on your information systems for people, you need to establish who they are in the real world," Allan said.
"We're seeing an increased focus on identity-based networks."
All this may see IAM shift from a technology manager responsibility to higher C-level executives.
"IAM is not something you can relegate to a low-level administrative task," Gartner's Ray Wagner noted.
Merely setting up efficient systems remains troublesome, if the typical queries received by Gartner itself are any indication.
In the first quarter of this year, the most common queries from clients related to basic issues of user provisioning and authentication, Wagner said.
Provisioning alone accounted for almost a quarter of queries.
One reason for increased interest in IAM is the increasing interest fiscal and legal regulators are taking in the systems used to control information access.
"Regulators want to see controls in place, and they want to see that you can show them you have controls in place," Allan said.
Effectively delivering that will likely require multiple categories of software, with Gartner singling out administration and access, verification, authentication and auditing as crucial roles.
"You don't need every kind of tool there is on the market, but you probably need more than one of each category," Allan said.
Play video
There are currently no comments for this post.